SlideShare une entreprise Scribd logo

Dragonfly: Western energy sector targeted by sophisticated attack group

Télécharger en tant que PPTX, PDF
Symantec Security Response
Symantec Security Response

Symantec found evidence linking a recent campaign of cyber attacks on the energy sector in Europe and the U.S. to a group called Dragonfly, which was first seen in 2011. This "Dragonfly 2.0" campaign appears to have begun in 2015, with an increase in activity seen since the beginning of 2017. Read more about this group in Symantec Security Response's blogs: https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-sophisticated-attack-group Dragonfly 1.0: https://www.symantec.com/connect/blogs/dragonfly-western-energy-companies-under-sabotage-threat-energetic-bear

Technologie
1  sur  11
Title Presenter Date Dragonfly 2.0 Attacks Against the Western Energy Sector
2Copyright © 2017 Symantec Corporation o Symantec research reveals ongoing campaign against the energy sector o Majority of targeted organizations are in the US and Turkey, with possible infections in other countries o Primary motive is intelligence-gathering o Intelligence gathered may enable future sabotage attacks Dragonfly 2.0
3Copyright © 2017 Symantec Corporation o Dragonfly group first profiled by Symantec in 2014 o Also known as Energetic Bear o Research revealed cyber espionage campaign targeting energy sector from as early as 2011 o Breached organizations using watering-hole websites and trojanized ICS software History of Dragonfly
4Copyright © 2017 Symantec Corporation o Resurgence of energy attacks beginning late 2015 o Ramping up of activity during 2017 o Recent campaign shares tools and techniques with earlier Dragonfly activity Dragonfly 2.0
5Copyright © 2017 Symantec Corporation Dragonfly 2.0 - Infiltration Spear-phishing Emails Watering-hole websites Trojanized software • Earliest emails disguised as party invites • Later campaigns used energy-related content and some generic content • Attackers used Phishery toolkit • Toolkit uses template injection method to steal network credentials • Attackers compromised websites likely visited by those in energy sector • Some evidence that watering hole websites used fake Flash updates to install malware • Shelter evasion framework used to develop trojanized applications • Backdoor programs installed using trojanized versions of Windows apps
6Copyright © 2017 Symantec Corporation o Dragonfly uses a mixture of custom and generally available tools o Backdoor.Dorshell o Trojan.Karagany.B o Trojan.Heriplor o Trojan.Listrix o Trojan.Credrix o Backdoor.Goodor o Phishery o Screenutil o Tools are primarily used for credential theft and screen capturing o Also use living off the land techniques, e.g. PowerShell Dragonfly 2.0 - Toolset
7Copyright © 2017 Symantec Corporation Feature Dragonfly 1.0 Dragonfly 2.0 Link strength Backdoor.Oldrea Yes No None Trojan.Heriplor (Oldrea stage II) Yes Yes Strong Trojan.Karagany Yes Yes (Trojan.Karagany.B) Medium-Strong Trojan.Listrix (Karagany stage II) Yes Yes Medium-Strong “Western” energy sector targeted Yes Yes Medium Strategic website compromises Yes Yes Weak Phishing emails Yes Yes Weak Trojanized applications Yes Yes Weak Dragonfly 1.0 and 2.0 Links
8Copyright © 2017 Symantec Corporation o Harvesting credentials from targeted organizations with the likely aim of maintaining access o Screenshots to acquire understanding of operational activities Dragonfly 2.0 - Motives o Stolen credentials could facilitate future disruptive activities o Some evidence that operational systems have been breached o Screenshot filenames from target machines include the string “cntrl” (control) Intelligence gathering Sabotage
9Copyright © 2017 Symantec Corporation o Unclear at this time o Evidence of some sophistication o Scale of campaign o Availability of custom tools o But…possible lack of resources or attempts at misattribution o No zero days o Use of living off the land techniques and generally available tools o Mixture of French and Russian language strings Who’s behind Dragonfly?
10Copyright © 2017 Symantec Corporation o Symantec customers are protected against Dragonfly activity o Tools specifically detected as: o Trojan.Phisherly o Backdoor.Goodor o Trojan.Karagany.B o Backdoor.Dorshel o Trojan.Heriplor o Trojan.Listrix o Trojan.Karagany Protection
11Copyright © 2017 Symantec Corporation 11Copyright © 2017 Symantec Corporation Thank you

Recommandé

DoS or DDoS attack
DoS or DDoS attackDoS or DDoS attack
DoS or DDoS attackstollen_fusion
 
Intrusion Detection Presentation
Intrusion Detection PresentationIntrusion Detection Presentation
Intrusion Detection PresentationMustafash79
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detectionUmesh Dhital
 
Intrusion Detection System
Intrusion Detection SystemIntrusion Detection System
Intrusion Detection SystemMohit Belwal
 
Intrusion detection and prevention system
Intrusion detection and prevention systemIntrusion detection and prevention system
Intrusion detection and prevention systemNikhil Raj
 
Computer forensics and steganography
Computer forensics and steganographyComputer forensics and steganography
Computer forensics and steganographyXavier Prathap
 
Introduction to IDS & IPS - Part 1
Introduction to IDS & IPS - Part 1Introduction to IDS & IPS - Part 1
Introduction to IDS & IPS - Part 1whitehat 'People'
 
Cyber attack
Cyber attackCyber attack
Cyber attackManjushree Mashal
 

Recommandé

DoS or DDoS attack
DoS or DDoS attackDoS or DDoS attack
DoS or DDoS attackstollen_fusion
 
Intrusion Detection Presentation
Intrusion Detection PresentationIntrusion Detection Presentation
Intrusion Detection PresentationMustafash79
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detectionUmesh Dhital
 
Intrusion Detection System
Intrusion Detection SystemIntrusion Detection System
Intrusion Detection SystemMohit Belwal
 
Intrusion detection and prevention system
Intrusion detection and prevention systemIntrusion detection and prevention system
Intrusion detection and prevention systemNikhil Raj
 
Computer forensics and steganography
Computer forensics and steganographyComputer forensics and steganography
Computer forensics and steganographyXavier Prathap
 
Introduction to IDS & IPS - Part 1
Introduction to IDS & IPS - Part 1Introduction to IDS & IPS - Part 1
Introduction to IDS & IPS - Part 1whitehat 'People'
 
Cyber attack
Cyber attackCyber attack
Cyber attackManjushree Mashal
 
Cia security model
Cia security modelCia security model
Cia security modelImran Ahmed
 
Pgp
PgpPgp
PgpReham Maher El-Safarini
 
DDoS.pptx
DDoS.pptxDDoS.pptx
DDoS.pptxPraveenKumarPatel9
 
Denial of service attack
Denial of service attackDenial of service attack
Denial of service attackAhmed Ghazey
 
intrusion detection system (IDS)
intrusion detection system (IDS)intrusion detection system (IDS)
intrusion detection system (IDS)Aj Maurya
 
Spoofing
SpoofingSpoofing
SpoofingSanjeev
 
Intrusion prevention system(ips)
Intrusion prevention system(ips)Intrusion prevention system(ips)
Intrusion prevention system(ips)Papun Papun
 
Keyloggers and Spywares
Keyloggers and SpywaresKeyloggers and Spywares
Keyloggers and SpywaresAnkit Mistry
 
Brute force attack
Brute force attackBrute force attack
Brute force attackJamil Ali Ahmed
 
Firewall and It's Types
Firewall and It's TypesFirewall and It's Types
Firewall and It's TypesHem Pokhrel
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection systemAAKASH S
 
Email security
Email securityEmail security
Email securityIndrajit Sreemany
 
Intrusion detection system
Intrusion detection system Intrusion detection system
Intrusion detection system gaurav koriya
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentationAmandeep Kaur
 
Denial of Service Attacks
Denial of Service AttacksDenial of Service Attacks
Denial of Service AttacksPascal Flöschel
 
Man in the middle attack (mitm)
Man in the middle attack (mitm)Man in the middle attack (mitm)
Man in the middle attack (mitm)Hemal Joshi
 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system pptSheetal Verma
 
VAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxVAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxDARSHANBHAVSAR14
 
Network Intrusion Detection System Using Snort
Network Intrusion Detection System Using SnortNetwork Intrusion Detection System Using Snort
Network Intrusion Detection System Using SnortDisha Bedi
 
Operating system security
Operating system securityOperating system security
Operating system securitySarmad Makhdoom
 
Dragonfly.pdf
Dragonfly.pdfDragonfly.pdf
Dragonfly.pdfesther arias
 
603535ransomware
603535ransomware603535ransomware
603535ransomwareAlexander Constantinou
 

Contenu connexe

Tendances

Cia security model
Cia security modelCia security model
Cia security modelImran Ahmed
 
Denial of service attack
Denial of service attackDenial of service attack
Denial of service attackAhmed Ghazey
 
intrusion detection system (IDS)
intrusion detection system (IDS)intrusion detection system (IDS)
intrusion detection system (IDS)Aj Maurya
 
Spoofing
SpoofingSpoofing
SpoofingSanjeev
 
Intrusion prevention system(ips)
Intrusion prevention system(ips)Intrusion prevention system(ips)
Intrusion prevention system(ips)Papun Papun
 
Keyloggers and Spywares
Keyloggers and SpywaresKeyloggers and Spywares
Keyloggers and SpywaresAnkit Mistry
 
Firewall and It's Types
Firewall and It's TypesFirewall and It's Types
Firewall and It's TypesHem Pokhrel
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection systemAAKASH S
 
Intrusion detection system
Intrusion detection system Intrusion detection system
Intrusion detection system gaurav koriya
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentationAmandeep Kaur
 
Man in the middle attack (mitm)
Man in the middle attack (mitm)Man in the middle attack (mitm)
Man in the middle attack (mitm)Hemal Joshi
 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system pptSheetal Verma
 
VAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxVAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxDARSHANBHAVSAR14
 
Network Intrusion Detection System Using Snort
Network Intrusion Detection System Using SnortNetwork Intrusion Detection System Using Snort
Network Intrusion Detection System Using SnortDisha Bedi
 
Operating system security
Operating system securityOperating system security
Operating system securitySarmad Makhdoom
 

Tendances (20)

Cia security model
Cia security modelCia security model
Cia security model
 
Pgp
PgpPgp
Pgp
 
DDoS.pptx
DDoS.pptxDDoS.pptx
DDoS.pptx
 
Denial of service attack
Denial of service attackDenial of service attack
Denial of service attack
 
intrusion detection system (IDS)
intrusion detection system (IDS)intrusion detection system (IDS)
intrusion detection system (IDS)
 
Spoofing
SpoofingSpoofing
Spoofing
 
Intrusion prevention system(ips)
Intrusion prevention system(ips)Intrusion prevention system(ips)
Intrusion prevention system(ips)
 
Keyloggers and Spywares
Keyloggers and SpywaresKeyloggers and Spywares
Keyloggers and Spywares
 
Brute force attack
Brute force attackBrute force attack
Brute force attack
 
Firewall and It's Types
Firewall and It's TypesFirewall and It's Types
Firewall and It's Types
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
 
Email security
Email securityEmail security
Email security
 
Intrusion detection system
Intrusion detection system Intrusion detection system
Intrusion detection system
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
 
Denial of Service Attacks
Denial of Service AttacksDenial of Service Attacks
Denial of Service Attacks
 
Man in the middle attack (mitm)
Man in the middle attack (mitm)Man in the middle attack (mitm)
Man in the middle attack (mitm)
 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system ppt
 
VAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxVAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptx
 
Network Intrusion Detection System Using Snort
Network Intrusion Detection System Using SnortNetwork Intrusion Detection System Using Snort
Network Intrusion Detection System Using Snort
 
Operating system security
Operating system securityOperating system security
Operating system security
 

Similaire à Dragonfly: Western energy sector targeted by sophisticated attack group

Threat landscape update: June to September 2017
Threat landscape update: June to September 2017Threat landscape update: June to September 2017
Threat landscape update: June to September 2017Symantec Security Response
 
Cyber Security DepartmentGraduation Project (407422)
Cyber Security DepartmentGraduation Project (407422)Cyber Security DepartmentGraduation Project (407422)
Cyber Security DepartmentGraduation Project (407422)OllieShoresna
 
AWS Chicago May 22 Security event - Redlock CSI report
AWS Chicago May 22 Security event - Redlock CSI reportAWS Chicago May 22 Security event - Redlock CSI report
AWS Chicago May 22 Security event - Redlock CSI reportAWS Chicago
 
Cyber Defense - How to be prepared to APT
Cyber Defense - How to be prepared to APTCyber Defense - How to be prepared to APT
Cyber Defense - How to be prepared to APTSimone Onofri
 
2018 Year in Review- ICS Threat Activity Groups
2018 Year in Review- ICS Threat Activity Groups2018 Year in Review- ICS Threat Activity Groups
2018 Year in Review- ICS Threat Activity GroupsDragos, Inc.
 
Crack the Code
Crack the CodeCrack the Code
Crack the CodeInnoTech
 
Sowbug: Cyber espionage group targets South American and Southeast Asian gove...
Sowbug: Cyber espionage group targets South American and Southeast Asian gove...Sowbug: Cyber espionage group targets South American and Southeast Asian gove...
Sowbug: Cyber espionage group targets South American and Southeast Asian gove...Symantec Security Response
 
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec Technology and Consulting
 
Websense security prediction 2014
Websense security prediction 2014Websense security prediction 2014
Websense security prediction 2014Bee_Ware
 
EverSec + Cyphort: Big Trends in Cybersecurity
EverSec + Cyphort: Big Trends in CybersecurityEverSec + Cyphort: Big Trends in Cybersecurity
EverSec + Cyphort: Big Trends in CybersecurityCyphort
 
Kurnava_Matthew_Research Paper_NSEC506_SPR16
Kurnava_Matthew_Research Paper_NSEC506_SPR16Kurnava_Matthew_Research Paper_NSEC506_SPR16
Kurnava_Matthew_Research Paper_NSEC506_SPR16Matthew Kurnava
 
Gand crab ransomware analysis
Gand crab ransomware analysisGand crab ransomware analysis
Gand crab ransomware analysisPoduralla Tarun
 
Dragonfly: Cyberespionage Attacks Against Energy Suppliers
Dragonfly: Cyberespionage Attacks Against Energy SuppliersDragonfly: Cyberespionage Attacks Against Energy Suppliers
Dragonfly: Cyberespionage Attacks Against Energy SuppliersSumutiu Marius
 
Encryption in the Public Cloud: 16 Bits of Advice for Security Techniques
Encryption in the Public Cloud: 16 Bits of Advice for Security TechniquesEncryption in the Public Cloud: 16 Bits of Advice for Security Techniques
Encryption in the Public Cloud: 16 Bits of Advice for Security TechniquesTrend Micro
 
Trends in network security feinstein - informatica64
Trends in network security feinstein - informatica64Trends in network security feinstein - informatica64
Trends in network security feinstein - informatica64Chema Alonso
 
NETSCOUT Threat Intelligence Report: Findings Summary 1st half of 2018
NETSCOUT Threat Intelligence Report: Findings Summary 1st half of 2018 NETSCOUT Threat Intelligence Report: Findings Summary 1st half of 2018
NETSCOUT Threat Intelligence Report: Findings Summary 1st half of 2018 NETSCOUT
 

Similaire à Dragonfly: Western energy sector targeted by sophisticated attack group (20)

Dragonfly.pdf
Dragonfly.pdfDragonfly.pdf
Dragonfly.pdf
 
603535ransomware
603535ransomware603535ransomware
603535ransomware
 
Threat landscape update: June to September 2017
Threat landscape update: June to September 2017Threat landscape update: June to September 2017
Threat landscape update: June to September 2017
 
Cyber Security DepartmentGraduation Project (407422)
Cyber Security DepartmentGraduation Project (407422)Cyber Security DepartmentGraduation Project (407422)
Cyber Security DepartmentGraduation Project (407422)
 
AWS Chicago May 22 Security event - Redlock CSI report
AWS Chicago May 22 Security event - Redlock CSI reportAWS Chicago May 22 Security event - Redlock CSI report
AWS Chicago May 22 Security event - Redlock CSI report
 
CPS - Week 1.pptx
CPS - Week 1.pptxCPS - Week 1.pptx
CPS - Week 1.pptx
 
Cyber Defense - How to be prepared to APT
Cyber Defense - How to be prepared to APTCyber Defense - How to be prepared to APT
Cyber Defense - How to be prepared to APT
 
2018 Year in Review- ICS Threat Activity Groups
2018 Year in Review- ICS Threat Activity Groups2018 Year in Review- ICS Threat Activity Groups
2018 Year in Review- ICS Threat Activity Groups
 
Crack the Code
Crack the CodeCrack the Code
Crack the Code
 
Sowbug: Cyber espionage group targets South American and Southeast Asian gove...
Sowbug: Cyber espionage group targets South American and Southeast Asian gove...Sowbug: Cyber espionage group targets South American and Southeast Asian gove...
Sowbug: Cyber espionage group targets South American and Southeast Asian gove...
 
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
 
Websense security prediction 2014
Websense security prediction 2014Websense security prediction 2014
Websense security prediction 2014
 
Regin
ReginRegin
Regin
 
EverSec + Cyphort: Big Trends in Cybersecurity
EverSec + Cyphort: Big Trends in CybersecurityEverSec + Cyphort: Big Trends in Cybersecurity
EverSec + Cyphort: Big Trends in Cybersecurity
 
Kurnava_Matthew_Research Paper_NSEC506_SPR16
Kurnava_Matthew_Research Paper_NSEC506_SPR16Kurnava_Matthew_Research Paper_NSEC506_SPR16
Kurnava_Matthew_Research Paper_NSEC506_SPR16
 
Gand crab ransomware analysis
Gand crab ransomware analysisGand crab ransomware analysis
Gand crab ransomware analysis
 
Dragonfly: Cyberespionage Attacks Against Energy Suppliers
Dragonfly: Cyberespionage Attacks Against Energy SuppliersDragonfly: Cyberespionage Attacks Against Energy Suppliers
Dragonfly: Cyberespionage Attacks Against Energy Suppliers
 
Encryption in the Public Cloud: 16 Bits of Advice for Security Techniques
Encryption in the Public Cloud: 16 Bits of Advice for Security TechniquesEncryption in the Public Cloud: 16 Bits of Advice for Security Techniques
Encryption in the Public Cloud: 16 Bits of Advice for Security Techniques
 
Trends in network security feinstein - informatica64
Trends in network security feinstein - informatica64Trends in network security feinstein - informatica64
Trends in network security feinstein - informatica64
 
NETSCOUT Threat Intelligence Report: Findings Summary 1st half of 2018
NETSCOUT Threat Intelligence Report: Findings Summary 1st half of 2018 NETSCOUT Threat Intelligence Report: Findings Summary 1st half of 2018
NETSCOUT Threat Intelligence Report: Findings Summary 1st half of 2018
 

Plus de Symantec Security Response

Email threats 2017: Users encounter threats through email twice as often as o...
Email threats 2017: Users encounter threats through email twice as often as o...Email threats 2017: Users encounter threats through email twice as often as o...
Email threats 2017: Users encounter threats through email twice as often as o...Symantec Security Response
 
Living off the land and fileless attack techniques
Living off the land and fileless attack techniquesLiving off the land and fileless attack techniques
Living off the land and fileless attack techniquesSymantec Security Response
 
PowerShell: The increased use of PowerShell in cyber attacks
PowerShell: The increased use of PowerShell in cyber attacksPowerShell: The increased use of PowerShell in cyber attacks
PowerShell: The increased use of PowerShell in cyber attacksSymantec Security Response
 
Shamoon attacks - Destructive malware targeting Middle East organizations
Shamoon attacks - Destructive malware targeting Middle East organizationsShamoon attacks - Destructive malware targeting Middle East organizations
Shamoon attacks - Destructive malware targeting Middle East organizationsSymantec Security Response
 
WannaCry ransomware outbreak - what you need to know
WannaCry ransomware outbreak - what you need to knowWannaCry ransomware outbreak - what you need to know
WannaCry ransomware outbreak - what you need to knowSymantec Security Response
 

Plus de Symantec Security Response (8)

ISTR 23: Internet Security Threat Report
ISTR 23: Internet Security Threat Report ISTR 23: Internet Security Threat Report
ISTR 23: Internet Security Threat Report
 
Email threats 2017: Users encounter threats through email twice as often as o...
Email threats 2017: Users encounter threats through email twice as often as o...Email threats 2017: Users encounter threats through email twice as often as o...
Email threats 2017: Users encounter threats through email twice as often as o...
 
Ransomware 2017: New threats emerge
Ransomware 2017: New threats emergeRansomware 2017: New threats emerge
Ransomware 2017: New threats emerge
 
Financial threats review 2017
Financial threats review 2017Financial threats review 2017
Financial threats review 2017
 
Living off the land and fileless attack techniques
Living off the land and fileless attack techniquesLiving off the land and fileless attack techniques
Living off the land and fileless attack techniques
 
PowerShell: The increased use of PowerShell in cyber attacks
PowerShell: The increased use of PowerShell in cyber attacksPowerShell: The increased use of PowerShell in cyber attacks
PowerShell: The increased use of PowerShell in cyber attacks
 
Shamoon attacks - Destructive malware targeting Middle East organizations
Shamoon attacks - Destructive malware targeting Middle East organizationsShamoon attacks - Destructive malware targeting Middle East organizations
Shamoon attacks - Destructive malware targeting Middle East organizations
 
WannaCry ransomware outbreak - what you need to know
WannaCry ransomware outbreak - what you need to knowWannaCry ransomware outbreak - what you need to know
WannaCry ransomware outbreak - what you need to know
 

Dernier

CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetEnjoy Anytime
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 

Dernier (20)

CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 

Dragonfly: Western energy sector targeted by sophisticated attack group

  • 1. Title Presenter Date Dragonfly 2.0 Attacks Against the Western Energy Sector
  • 2. 2Copyright © 2017 Symantec Corporation o Symantec research reveals ongoing campaign against the energy sector o Majority of targeted organizations are in the US and Turkey, with possible infections in other countries o Primary motive is intelligence-gathering o Intelligence gathered may enable future sabotage attacks Dragonfly 2.0
  • 3. 3Copyright © 2017 Symantec Corporation o Dragonfly group first profiled by Symantec in 2014 o Also known as Energetic Bear o Research revealed cyber espionage campaign targeting energy sector from as early as 2011 o Breached organizations using watering-hole websites and trojanized ICS software History of Dragonfly
  • 4. 4Copyright © 2017 Symantec Corporation o Resurgence of energy attacks beginning late 2015 o Ramping up of activity during 2017 o Recent campaign shares tools and techniques with earlier Dragonfly activity Dragonfly 2.0
  • 5. 5Copyright © 2017 Symantec Corporation Dragonfly 2.0 - Infiltration Spear-phishing Emails Watering-hole websites Trojanized software • Earliest emails disguised as party invites • Later campaigns used energy-related content and some generic content • Attackers used Phishery toolkit • Toolkit uses template injection method to steal network credentials • Attackers compromised websites likely visited by those in energy sector • Some evidence that watering hole websites used fake Flash updates to install malware • Shelter evasion framework used to develop trojanized applications • Backdoor programs installed using trojanized versions of Windows apps
  • 6. 6Copyright © 2017 Symantec Corporation o Dragonfly uses a mixture of custom and generally available tools o Backdoor.Dorshell o Trojan.Karagany.B o Trojan.Heriplor o Trojan.Listrix o Trojan.Credrix o Backdoor.Goodor o Phishery o Screenutil o Tools are primarily used for credential theft and screen capturing o Also use living off the land techniques, e.g. PowerShell Dragonfly 2.0 - Toolset
  • 7. 7Copyright © 2017 Symantec Corporation Feature Dragonfly 1.0 Dragonfly 2.0 Link strength Backdoor.Oldrea Yes No None Trojan.Heriplor (Oldrea stage II) Yes Yes Strong Trojan.Karagany Yes Yes (Trojan.Karagany.B) Medium-Strong Trojan.Listrix (Karagany stage II) Yes Yes Medium-Strong “Western” energy sector targeted Yes Yes Medium Strategic website compromises Yes Yes Weak Phishing emails Yes Yes Weak Trojanized applications Yes Yes Weak Dragonfly 1.0 and 2.0 Links
  • 8. 8Copyright © 2017 Symantec Corporation o Harvesting credentials from targeted organizations with the likely aim of maintaining access o Screenshots to acquire understanding of operational activities Dragonfly 2.0 - Motives o Stolen credentials could facilitate future disruptive activities o Some evidence that operational systems have been breached o Screenshot filenames from target machines include the string “cntrl” (control) Intelligence gathering Sabotage
  • 9. 9Copyright © 2017 Symantec Corporation o Unclear at this time o Evidence of some sophistication o Scale of campaign o Availability of custom tools o But…possible lack of resources or attempts at misattribution o No zero days o Use of living off the land techniques and generally available tools o Mixture of French and Russian language strings Who’s behind Dragonfly?
  • 10. 10Copyright © 2017 Symantec Corporation o Symantec customers are protected against Dragonfly activity o Tools specifically detected as: o Trojan.Phisherly o Backdoor.Goodor o Trojan.Karagany.B o Backdoor.Dorshel o Trojan.Heriplor o Trojan.Listrix o Trojan.Karagany Protection
  • 11. 11Copyright © 2017 Symantec Corporation 11Copyright © 2017 Symantec Corporation Thank you